1.) Plug your USB flash drive into your Plextor StorX

2.) Open the USB flash drive as a share unit, for example in Windows Explorer type \\[your_plextor_ip]\P2_B_1

3.) Create a directory with the name webshell on the USB flash drive

4.) Uncompress webshell.zip into the webshell directory

5.) Rename the uncompressed file webshell to webshell.cgi

6.) Access the public share directory of your Plextor StorX (\\[your_plextor_ip]\public) and create a directory with the name "heineken"

7.) Access the Plextor StorX control panel with Firefox (http://[your_plextor_ip])

8.) In the control panel go to the BackUp option

9.) Click on "Add a Backup Job"

10.) Select your USB flash drive as the backup source (in my Plextor it is Local:P2_B_1), and next select the webshell directory

11.) Select "Local:public" as the backup destination

12.) Open the Firebug panel by clicking on the Firebug icon (you can find it in the bottom right corner of Firefox). See the icon to click:

13.) Click on the Firebug Inspector icon (you can find it in the top left corner of the Firebug panel). See the icon to click:

14.) Select the backup destination subdirectory selector (the box where you can read "-- Please select a subdirectory --")

15.) In the Firebug panel you can see the select field; now you must expand it by clicking on the "plus" icon. See the select field expanded with the heineken directory:

16.) Change value "heineken" for "../../../../web" like the next picture:

17.) Close the Firebug panel

18.) Select the Heineken directory from the subdirectory selector (the box where you can read "-- Please select a subdirectory --")

Next you must see a screen like this:

19.) Now click on the "Add" button and you must see a screen like this:

20.) Click on the "Go" button and take your beer from the fridge or wait 10 seconds. After these 10 seconds you can view the log by clicking on the "VL" button.

21.) Now go to http://[your_plextor_ip]/BackUp/local/single/webshell/webshell.cgi?passwd -d root, and the web browser must respond: "Password changed."

22.) Go to http://[your_plextor_ip]/BackUp/local/single/webshell/webshell.cgi?/usr/sbin/telnetd

24.) Now you can access your Plextor using telnet. You must use the name and password of a user previously created in the control panel.

25.) Open and drink your beer.

The evidence:

NOTES

- It is very important to copy the webshell and rename it using your Plextor StorX with Samba, because internally when we rename the file Samba changes the group of the file. This group change is very important because thttpd now allows executing webshell.cgi (please follow the guidelines strictly).

- In webshell.zip you can also find the source code, programmed in C. Perhaps you can use it for another NAS system. I recommend using CodeSourcery to compile this code for another architecture. The webshell binary was compiled for arm-feroceon (-mtune=marvell-f). The code is a little dirty because I didn't have enough time to make my code beautiful.

- Perhaps you will see your external USB flash drive under another name such as P2_B_2 or Port2_B_2; don't worry about this, use this name.
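
A server-side check that would refuse the edited subdirectory value from step 16, as an added example that is not part of the original post or the Plextor firmware; the function name `resolve_in_share` and the share path `/mnt/public` are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical server-side check (not firmware code): resolve `subdir`
 * lexically under `share_root` (no trailing slash) and refuse any value that
 * is absolute or climbs above the share. Writes the resolved path to `out`. */
bool resolve_in_share(const char *share_root, const char *subdir,
                      char *out, size_t outlen)
{
    char buf[512];
    size_t depth = 0;                 /* path components below share_root */

    if (subdir[0] == '/' || strchr(subdir, '\\') != NULL)
        return false;                 /* absolute path or backslash */
    if (strlen(subdir) >= sizeof buf || strlen(share_root) >= outlen)
        return false;
    strcpy(buf, subdir);
    strcpy(out, share_root);
    for (char *tok = strtok(buf, "/"); tok; tok = strtok(NULL, "/")) {
        if (strcmp(tok, ".") == 0)
            continue;
        if (strcmp(tok, "..") == 0) {
            if (depth == 0)
                return false;         /* would leave the share root */
            *strrchr(out, '/') = '\0';
            depth--;
            continue;
        }
        if (strlen(out) + strlen(tok) + 2 > outlen)
            return false;
        strcat(out, "/");
        strcat(out, tok);
        depth++;
    }
    return true;
}

int main(void)
{
    /* Constructed inputs; /mnt/public is an assumed share path. */
    const char *samples[] = { "heineken", "../../../../web", "heineken/../../web" };
    char out[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        bool ok = resolve_in_share("/mnt/public", samples[i], out, sizeof out);
        printf("%-20s -> %s\n", samples[i], ok ? out : "rejected");
    }
    return 0;
}
```

The check is lexical only, so a real handler would also confirm the result with realpath() once symlinks are resolved, and would apply it to the submitted form value rather than trusting the options offered in the select field.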

Is it possible to get root access to the NAS? Either to telnet login as root, or to change to root after telnet login as a regular user.

I would like to have a look (and possibly change) some of the configuration files, etc.

I would also like to move some directories that I copied in via the backup function. However, I do not have ownership of them, so I cannot move without getting root access. The backup function has put the directories in a ./BackUp/local/single structure, I would just like the directories to be in ./

I followed the guidelines, but at steps 21 & 22, both Firefox and IE just offer to open/save the file webshell.cgi

That doesn't matter. The code is executed because the NAS is asked to generate the webpage. It doesn't matter if you view the page in a browser, or save it on disk. Just save the file, and then open it in notepad. There should be "Password changed." inside.
